Overview
A critical security vulnerability, identified as CVE-2025-13561, has been discovered in SourceCodester Company Website CMS version 1.0. This flaw is a SQL injection vulnerability located in the /admin/index.php file. Successful exploitation of this vulnerability could allow attackers to execute arbitrary SQL queries, potentially leading to data breaches, unauthorized access, and complete system compromise. The vulnerability is remotely exploitable and proof-of-concept exploit code is publicly available, increasing the risk of widespread exploitation.

Technical Details
The SQL injection vulnerability exists due to improper sanitization of user input provided to the Username argument within the /admin/index.php script. An attacker can inject malicious…
-
Overview
CVE-2025-48507 is a significant security vulnerability discovered in Arm Trusted Firmware (TF-A). This flaw stems from the improper handling of the security state of the calling processor during interactions with TF-A. Due to the lack of proper validation, a non-secure processor could potentially gain unauthorized access to secure memory regions, cryptographic operations, and control over power management subsystems within the System on a Chip (SoC).

Technical Details
The core issue lies in the fact that Arm TF-A isn’t consistently verifying the security state of the processor initiating a request. In a secure environment, processors operate at different security levels…
-
Overview
CVE-2025-13560 is a critical SQL injection vulnerability affecting SourceCodester Company Website CMS version 1.0. This vulnerability resides within the /admin/reset-password.php file and allows remote attackers to execute arbitrary SQL commands through manipulation of the email argument. This can lead to unauthorized data access, modification, or even complete system compromise. The exploit is publicly available, increasing the urgency for remediation.

Technical Details
The vulnerability stems from insufficient sanitization of user-supplied input within the /admin/reset-password.php file. Specifically, the email parameter, intended for password reset functionality, is not properly validated or escaped before being incorporated into a SQL query. An attacker can…
-
Overview
A high-severity SQL injection vulnerability, identified as CVE-2025-13557, has been discovered in Campcodes Online Polling System version 1.0. This vulnerability allows remote attackers to execute arbitrary SQL commands by manipulating the 'email' parameter in the /registeracc.php file. The exploit is publicly available, posing a significant risk to systems running the affected version.

Technical Details
The vulnerability resides in the /registeracc.php file, specifically within the account registration functionality. The application fails to properly sanitize user-supplied input for the 'email' parameter. An attacker can inject malicious SQL code into this parameter, which is then executed by the database. This can lead…
-
Overview
CVE-2024-21923 is a high-severity vulnerability affecting AMD StoreMI™. This vulnerability stems from incorrect default permissions, potentially allowing a local attacker to elevate their privileges and execute arbitrary code on the affected system. This poses a significant security risk and requires immediate attention.

Technical Details
The vulnerability arises from overly permissive default permissions assigned during the installation or configuration of AMD StoreMI™. An attacker with local access can exploit these misconfigured permissions to gain elevated privileges. The specific files or directories affected are not explicitly detailed in the public advisory but the core issue is a lack of proper access…
-
Overview
A high-severity security vulnerability, identified as CVE-2024-21922, has been discovered in AMD StoreMI™. This vulnerability is a DLL hijacking issue that could allow a local attacker to escalate privileges, potentially leading to arbitrary code execution on the affected system. This could have serious implications for system security and data integrity. This vulnerability was published on 2025-11-23T17:15:46.817, and users are strongly advised to take immediate action to mitigate this risk.

Technical Details
CVE-2024-21922 is a DLL hijacking vulnerability. This means that a malicious actor could place a specially crafted DLL file in a location where AMD StoreMI™ will load it…
-
Overview
A significant security vulnerability, identified as CVE-2025-13556, has been discovered in Campcodes Online Polling System version 1.0. This flaw allows for remote SQL injection, potentially granting attackers unauthorized access to sensitive data and control over the affected system. The vulnerability resides within the /admin/checklogin.php file and can be exploited by manipulating the myusername argument.

Technical Details
The vulnerability stems from a lack of proper input sanitization in the checklogin.php file. Specifically, the myusername parameter, used during the login process, is not adequately validated before being used in a database query. An attacker can inject malicious SQL code into this…
-
Overview
CVE-2025-13555 is a high-severity SQL injection vulnerability discovered in Campcodes School File Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands by manipulating the stud_no parameter within the /index.php file, specifically related to the Login component. The exploit is publicly available, increasing the urgency for administrators to apply the necessary mitigation steps.

Technical Details
The vulnerability exists because the application fails to properly sanitize user-supplied input passed to the stud_no parameter during the login process. An attacker can craft a malicious SQL query within this parameter, potentially allowing them to bypass authentication, extract…
-
Overview
CVE-2025-13554 details a significant security vulnerability affecting Campcodes Supplier Management System version 1.0. Specifically, this is a SQL injection vulnerability present within the login functionality, allowing potential attackers to execute arbitrary SQL queries and potentially gain unauthorized access to sensitive data.

Technical Details
The vulnerability resides in the /index.php file, specifically within the Login component. The txtUsername argument is susceptible to SQL injection. By manipulating this argument with specially crafted SQL statements, an attacker can bypass authentication mechanisms and gain unauthorized access. This vulnerability is remotely exploitable and a proof-of-concept exploit is publicly available, increasing the risk of exploitation.…
-
Overview
CVE-2025-13553 is a high-severity buffer overflow vulnerability affecting D-Link DWR-M920 routers running firmware version 1.1.50. This vulnerability allows remote attackers to potentially execute arbitrary code on the affected device. A public exploit is already available, increasing the risk of widespread exploitation.

Technical Details
The vulnerability resides in the sub_41C7FC function within the /boafrm/formPinManageSetup file. The attack is triggered by manipulating the submit-url argument, leading to a buffer overflow. Because the vulnerability is remotely exploitable, devices exposed to the internet are particularly at risk. Successful exploitation can allow a malicious actor to gain complete control of the device, potentially leading…